+ Post New Thread
Results 1 to 7 of 7
Windows Server 2008 R2 Thread, Password Policy Issue in Technical; I have 2 users who all of a sudden can't change their passwords. They get the message that the password ...
  1. #1

    Join Date
    Jan 2011
    Location
    Anderson
    Posts
    35
    Thank Post
    0
    Thanked 0 Times in 0 Posts
    Rep Power
    0

    Password Policy Issue

    I have 2 users who all of a sudden can't change their passwords. They get the message that the password they are attempting to use does not meet complexity. Issue one, we have complexity turned off with our domain policy....and two, I have made up passwords that far surpass the complexity requirements and they still get the message. We've tried on different computers with no luck. I can change their password myself with no issues in AD.

    Has anyone seen anything like this before?

    Thanks in advance for any suggestions.

  2. #2

    Join Date
    Aug 2009
    Posts
    249
    Thank Post
    19
    Thanked 15 Times in 14 Posts
    Rep Power
    13
    Have you got age restrictions on the password?

    Anything common between the two, that isn't common for others?

  3. #3

    Join Date
    Jan 2011
    Location
    Anderson
    Posts
    35
    Thank Post
    0
    Thanked 0 Times in 0 Posts
    Rep Power
    0
    The Domain Policy Age Restriction is 45 days. I have looked at these two and see nothing of any difference between them and all other users. Two different locations, two different OUs...heck, one is a computer teacher and the other a shop teacher!

    The only common scenario is both gave their username and passwords to another teacher to use....then wanted to change the passwords to "new" passwords when the teachers were finished.
    Last edited by djameson; 4th September 2012 at 08:11 PM.

  4. #4
    Duke5A's Avatar
    Join Date
    Jul 2010
    Posts
    795
    Thank Post
    81
    Thanked 130 Times in 113 Posts
    Blog Entries
    8
    Rep Power
    31
    Have they tried changing it on another machine? Run RSOP.msc and have a look at how the policy is being applied to their teacher computers.

  5. #5

    Join Date
    Jan 2011
    Location
    Anderson
    Posts
    35
    Thank Post
    0
    Thanked 0 Times in 0 Posts
    Rep Power
    0
    Yes, we have tried other machines...with no luck. All looked "ok" when running gpresult but I will take another look.

    Thanks.

  6. #6
    ADMaster's Avatar
    Join Date
    May 2012
    Posts
    325
    Thank Post
    5
    Thanked 33 Times in 28 Posts
    Rep Power
    23
    You do not mention what age restriction you have enabled.

    Someone correct me if Iím wrong;
    If the minimum password set to 45 days the user cannot change their password within 45 days of its last change.
    Many of our teachersí passwords expired over the summer and they are forced to change them when they come back. If this is your case then the teacher recently changed their password and cannot change it until the 45 days are up.
    However I would think that after an admin changed it and set must change password the user should be able to set their own, unless you have password history turned on.

    I will have to look up the tool tomorrow but there is a great dll you can register to give and extra info tab in AD with password last set, expiry date, last bad log on etc. Of course you can see all these easily with the attribute editor now. Nevertheless it is good info to look at when troubleshooting something like this.
    Finally we had a teacher that could not remember their password, so we set it to

    Iwillremembermypassword.
    You could set it to
    Iwillnotsharemypassword.
    and set not allowed to change password.

  7. #7

    Join Date
    Jan 2011
    Location
    Anderson
    Posts
    35
    Thank Post
    0
    Thanked 0 Times in 0 Posts
    Rep Power
    0
    Thanks for the continued responses.

    I mentioned the max above but currently I have things set as below:

    Enforce password history: 2 remembered
    Max age: 45 days
    Min age: 1 day
    Minimum length: 5 characters
    Complexity and Encryption disabled

    The way I understand, and please correct me if I am wrong, that the 45 day setting meant that a password was good until 45 days expire...then it had to be changed. Not that it couldn't be changed before 45 days. With the minimum age being 1 day, it should be able to be changed the next day. I was thinking more on the lines of Group Policy not being applied correctly.....

    Thanks again.

SHARE:
+ Post New Thread

Similar Threads

  1. Password policy for remote users
    By cookie_monster in forum Windows
    Replies: 4
    Last Post: 18th May 2008, 03:46 PM
  2. The answer to multiple password policies
    By binky in forum Windows
    Replies: 2
    Last Post: 6th July 2007, 12:08 PM
  3. Setting up the Password Policy on domain.
    By tosca925 in forum Windows
    Replies: 5
    Last Post: 13th June 2007, 08:28 PM
  4. Setting password policy at OU level.
    By tosca925 in forum Windows
    Replies: 9
    Last Post: 5th June 2007, 05:36 PM
  5. Help: Policy Issue
    By standunstan in forum Windows
    Replies: 4
    Last Post: 25th July 2006, 10:16 AM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •